Trust Assessment
telegram-voice-to-voice-macos received a trust score of 51/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 4 high, 2 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Command Injection via OGG_PATH in transcribe_telegram_ogg.sh, Command Injection via YAP_LOCALE environment variable in transcribe_telegram_ogg.sh.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Command Injection via OGG_PATH in transcribe_telegram_ogg.sh. The `OGG_PATH` variable, derived from the first argument to the script, is directly interpolated into the `yap transcribe` command. If the untrusted input for `OGG_PATH` contains shell command substitution (e.g., `$(command)` or `` `command` ``), the embedded command will be executed by the shell before `yap` is invoked. This allows for arbitrary command execution on the host system. Sanitize `OGG_PATH` to ensure it only contains valid file path characters and does not contain shell metacharacters. A robust solution would be to use `printf %q` to shell-escape the path, or to strictly validate the path against a whitelist of allowed characters and structures. | LLM | scripts/transcribe_telegram_ogg.sh:30 |
| HIGH | Command Injection via YAP_LOCALE environment variable in transcribe_telegram_ogg.sh. The `YAP_LOCALE` environment variable is directly interpolated into the `yap transcribe` command. If an attacker can control this environment variable (e.g., through a prompt injection that influences the skill's execution environment) and inject shell command substitution (e.g., `$(command)` or `` `command` ``), the embedded command will be executed by the shell before `yap` is invoked. This allows for arbitrary command execution on the host system. If `YAP_LOCALE` is intended to be user-configurable, it must be strictly validated against a whitelist of allowed locale formats or shell-escaped using `printf %q` before use. | LLM | scripts/transcribe_telegram_ogg.sh:30 |
| HIGH | Command Injection via VOICE argument in tts_telegram_voice.sh. The `VOICE` variable, derived from the second argument to the script, is directly interpolated into the `say` command. If the untrusted input for `VOICE` contains shell command substitution (e.g., `$(command)` or `` `command` ``), the embedded command will be executed by the shell before `say` is invoked. This allows for arbitrary command execution on the host system. Sanitize `VOICE` to ensure it only contains valid voice name characters and does not contain shell metacharacters. A robust solution would be to use `printf %q` to shell-escape the voice name, or to strictly validate it against a whitelist of allowed voice names. | LLM | scripts/tts_telegram_voice.sh:38 |
| HIGH | Command Injection via TEXT argument in tts_telegram_voice.sh. The `TEXT` variable, derived from the first argument to the script, is directly interpolated into the `say` command. If the untrusted input for `TEXT` contains shell command substitution (e.g., `$(command)` or `` `command` ``), the embedded command will be executed by the shell before `say` is invoked. This allows for arbitrary command execution on the host system. Sanitize `TEXT` to ensure it does not contain shell metacharacters. A robust solution would be to use `printf %q` to shell-escape the text before passing it to `say`. | LLM | scripts/tts_telegram_voice.sh:36 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/fiberian1981/telegram-voice-to-voice-macos/scripts/transcribe_telegram_ogg.sh:7 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/fiberian1981/telegram-voice-to-voice-macos/scripts/tts_telegram_voice.sh:26 |